Positive Technologies found the following 10 most common vulnerabilities in its research:

Cross-site scripting – 74%

Fingerprinting – 61%

Information leakage – 52%

Brute force – 52%

Cross-site request forgery – 39%

SQL injection – 26%

URL redirector abuse – 17%

OS commanding – 9%

XML external entities – 9%

Path traversal – 9%

Some 48% of tested web applications were not protected from unauthorized access. Additionally, the ability to gain full control was available in 17% of tested applications.

So, why are all of these apps vulnerable to hackers? According to the report, 65% of the vulnerabilities are due to coding errors. An additional third of the errors were due to incorrectly configured web servers, the report said.

“Web application security is still poor and, despite increasing awareness of the risks, is still not being prioritized enough in the development process,” Positive Technologies cybersecurity resilience lead, Leigh-Anne Galloway, said in the report. “Most of these issues could have been prevented entirely by implementing secure development practices, including code audits from the start and throughout.”

The big takeaways for tech leaders:

A new report from Positive Technologies claims that 44% of web apps allow hackers to access personal data.

All web apps contain vulnerabilities, with cross-site scripting, fingerprinting, and information leakage being the most common.